@ Qualys. 


Introducing the Qualys 
Gov Platform. 


A unified and strategic approach for federal 
agencies’ security and compliance. 


Pion Flexible. Comprehensive. 


WannaCry Dashboard 


As the only security vendor with a FedRAMP- 


certified scanning platform, Qualys has the 


experience and technology to help civilian 
and defense federal agencies, as well as state 
and local governments. With Qualys Gov 
Platform, you can identify, detect, protect 

and respond to cyber threats, meet regulatory 
and compliance requirements, and protect 


digital transformation efforts. 


Fisma Y 


FedRAMP Authorized 


Example of a customizable, 
user-defined dynamic dashboard 
for tracking real-time progress of 
WannaCry remediation alerts. 


U.S. federal agencies must comply with White House cybersecurity Executive Orders and strict compliance 
requirements, such as FedRAMP, National Institute of Standards and Technology (NIST) standards, and the 
Federal Information Security Management Act (FISMA); and act on urgent IT modernization mandates to 


expand their cloud computing adoption. 


Like their private-sector counterparts, federal Chief Information Officers (CIOs) and Chief Information Security 


Officers (CISOs) face budget constraints, skilled staff shortages, and confusing vendor noise. They must fulfill 


lofty digital transformation expectations while preventing and mitigating increasingly sophisticated and 


aggressive cyberattacks. 


At Qualys, we understand these challenges. For almost 20 years, Qualys has helped government and 


commercial organizations attain and sustain rock-solid security and compliance postures, while they 


safely pursue their strategic mission and continuous IT innovation. 


Why Qualys? 


FedRAMP Authorized 
and CDM Approved 


Qualys Gov Platform obtained FedRAMP 
Authorization to Operate (ATO) in 2016, an approval 
that requires a lengthy and rigorous process. Since 
FedRAMP standardizes how FISMA applies to cloud 
service providers, Qualys’ authorization streamlines 
federal government customers’ assessment and 
approval process for adopting our platform. Qualys 
Gov Platform is also on the Approved Products 

List of the General Services Administration’s (GSA) 


CDM program,which requires a Department of 


Homeland Security (DHS) qualification process. 


74% of the Forbes Global 
50 Can’t Be Wrong 


Qualys’ 10,300+ customers include 74% of the Forbes 
Global 50 and almost half of the Global 500, while its 
robust partner ecosystem features leading managed 
security service providers and security consulting 
firms including EY, IBM, DXC Technology, NTT, 
Verizon, SecureWorks, Deloitte and others. 


Deployment Flexibility 


For agencies with strict data storage requirements, 
Qualys offers multiple deployment options, including 
on-premises, private, hybrid, public and government 
cloud. A private cloud option provides an alternative 
with all the benefits of Qualys Gov Platform within the 
walls of your datacenter. Qualys Private Cloud 


Platform (PCP), available as a full server, virtual rack 
and as a standalone appliance, allows organizations 
to store data locally and under their control. The 
all-in-one PCP devices are pre-loaded with the Qualys 


software and pre-configured for quick and easy 
deployments. They're updated by Qualys and our 


cleared partners. 


Total Cloud Protection 
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Microsoft Azure Google Cloud Platform 


Qualys helps ensure that federal customers moving 
workloads to the cloud, including their VMs, cloud 
instances and containers, are secure and compliant across 
cloud platforms. Qualys has agreements and seamless 
integrations with most major cloud providers, so you can 
conduct required asset discovery, asset management, 
vulnerability management, web application scanning, 
threat prioritization, policy compliance and more. 


Low TCO, Simple 
Deployment 


Our platform’s revolutionary architecture, which 
includes a software-as-a-service (SaaS) delivery and 
licensing model, offers unparalleled ease of deployment 
and slashes the costs and complexity associated with 
acquiring, installing and maintaining on-premises 
security software. Qualys can be quickly deployed, with 
nothing to install or manage: All services are accessible 


via an intuitive web interface. 


Robust, Scalable Backend 


Qualys Gov Platform’s state-of-the-art, massively 
scalable backend has robust, centralized capabilities 
for reporting, storage, data analysis, search indexing 
and asset tagging, among other functionality. The 
platform scales to the largest environments, allowing 
customers to seamlessly add coverage, users and 
services as needed. The platform performs 3+ billion 
IP scans, and detects 1+ trillion security events per 
year, with Six Sigma accuracy (99.9996%) for 
vulnerability scans, so customers don’t waste time 
and resources chasing false positives. Vulnerability 
data is securely stored and processed in an n-tiered 
architecture of load-balanced servers, with encrypted 
databases that are physically and logically secure. 


Custom Templates for 
Federal Agencies 


Qualys Cloud Apps offer multiple out-of-the-box 
templates, capabilities and pre-built content 
designed to streamline compliance with 
federally mandated regulations and policies. For 
example, the Qualys Policy Compliance (PC) app 


helps organizations comply with multiple mandates 
and standards in a harmonized manner - by 
consolidating the requirements from the multiple 
standards into a single view - and allows reporting 


on one or multiple mandates in a single report. 


Meanwhile, the Qualys Security Assessment 
Questionnaire (SAQ) app has a NIST Cybersecurity 
Framework template. Both PC and SAQ support 
out-of-the-box, automated reporting on NIST 
Cybersecurity Framework, NIST 800-53 controls and 
on the DISA STIG guidelines. 


Instant, Comprehensive 
Visibility 

Qualys Gov Platform’s sensors give organizations 
continuous, real-time visibility of all their IT assets 
—on premises, at endpoints and in clouds — for 
comprehensive prevention and response. Centrally 
managed and self-updating, the Qualys sensors 
come as physical or virtual appliances, or 
lightweight agents. A centralized, web-based, 
single-pane-of-glass UI gives you a complete and 
continuously updated view of your IT environment 


and its security and compliance posture. 


Security Stack Consolidation 


By consolidating your security stack on Qualys 

Gov Platform with our centrally managed and 
integrated Qualys Apps, you eliminate the plethora of 
siloed, heterogeneous point products that are difficult 
and expensive to integrate and manage. Qualys’ 
growing suite offers 18 Apps for, among other things, 
vulnerability management, asset inventory, threat 


prioritization, web app security, policy compliance 


and file integrity monitoring. Equip your security 
teams, including those in charge of on-premises 
infrastructure, cloud workloads, endpoint devices, 
mobile devices, ICS/SCADA systems, DevSecOps 
environments, web apps, and IT audit and 


compliance, with our centralized platform, whose 


apps are accessible from a unified dashboard and 


share data and resources from a common backend. 


End-to-End Security 
Platform 


Fully mapped to the NIST Cybersecurity Framework, 
Qualys Gov Platform helps your organization from 


identification and detection, to protection and 
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response. 


Identify Protect 
Detect Respond 


Helping you protect your mission. 


As federal agencies increase cloud adoption and 
digital transformation efforts, they need an 
integrated suite of security and compliance 
solutions that gives them the necessary visibility to 
maintain complete and continuous control of their 


vast and complex IT environments. 


That’s what Qualys Gov Platform can provide: 


A unified solution they can easily deploy at will 


and at scale, that offers visibility of their IT assets’ 


security and compliance at an agency-wide level. 


With Qualys Gov Platform, federal agencies can 


overcome the limitations of legacy enterprise 


security products designed for homogeneous, 


encapsulated environments. Instead, our platform 


offers the scale, flexibility, agility and versatility 
required for protecting today’s hybrid, borderless, An all-in-one powerhouse, on your own 


a ; . remises, full server rack. 
distributed and fast-changing IT environments. p : 


With Qualys, security is not bolted on, rather it is ee 
ny y É Request a full trial (unlimited-scope) 


at qualys.com/gov 


built i 


5 


to digital transformation initiatives. 


Qualys Gov Platform is easy to implement, easy to 
use and fully scalable - it can be deployed on 
premises or across public, hybrid, or FedRAMP- 


authorized clouds. 


Qualys Gov Platform - A Holistic Solution for Cybersecurity 


Comprehensive 
A Á ‘ CA VM CM TP PC PCI IOC +7 more 
Application Suite 
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Micro Service 
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Sensors / Agents 


Infrastructure Virtual Cloud Agent Passive API 
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